Controls

Providers MUST publicly share up-to-date information about the cloud service offering in both human-readable and machine-readable formats, including at least: • Direct link to the FedRAMP Marketplace for the offering • Service Model • Deployment Model • Business Category • UEI Number • Contact Information • Overall Service Description • Detailed list of specific services and their impact levels (see FRR-ADS-03) • Summary of customer responsibilities and secure configuration guidance • Process for accessing information in the trust center (if applicable) • Availability status and recent disruptions for the trust center (if applicable) • Customer support information for the trust center (if applicable)

Providers MUST use automation to ensure information remains consistent between human-readable and machine-readable formats when authorization data is provided in both formats; Providers SHOULD generate human-readable and machine-readable data from the same source at the same time OR generate human-readable formats directly from machine-readable data.

Providers MUST share a detailed list of specific services and their impact levels that are included in the cloud service offering using clear feature or service names that align with standard public marketing materials; this list MUST be complete enough for a potential customer to determine which services are and are not included in the FedRAMP authorization without requesting access to underlying authorization data.